EmPyre – post-exploitation OS X/Linux agent

EmPyre – RAT (Remote Access Trojan) EmPyre is a pure Python post-exploitation agent built on cryptologically-secure communications and a flexible architecture. There are many hacking group today have their own post exploitation tool for OSX like Hacking Team (Remote Code Systems) but most of these tools can be purchased and they are not open source.

EmPyre is 42 modules agent Asynchronous / C2 and use Deffie-Hellman to exchange communications. Some of the features:

Keylogging this can be used to attack SSH or other type of remote administration.

Clipboard monitoring this help you bypass some security measures like IPS.

Keychain Dump to track where to store passwords or ssh keys.

Search messages like iMessage, Jabber, Google Talk and more. This can provide the account service, message and so on.

Hash Dump.

Browser Dump these are basics dump for Chrome and Safari

Normally the pentest will start with a phishing attack such as an email with the payload to compromise the OSX system and next exploit the machine with the RAT to have the access at any moment.